 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Is there any reason for FC6, or was it just a matter of selecting a distro? I recently tried the new Ubuntu Enterprise, and I can't say I hate it for a server. I definitely like the fact that it doesn't install anything to speak of, which leaves all of those unknown attack vectors out in the cold, as well as being able to run it on minimal hardware without going to the trouble of turning off lots of stuff. It does require you to take into account the fact that you then need to install what you need, however apt-get is fairly simple to use (it's debian-based). I have tried RHEL3 & 4, RedHat Pro Desktop, Suse Desktop 9, Ubuntu Desktop & Ubuntu Enterprise, Fedora Core 4 & 5, SlackWare (9 maybe?), and YellowDog. So far I like Suse best for a Desktop (with both Gnome & KDE installed, but KDE as the desktop), and Ubuntu Enterprise as a Server. The RHEL3 boxes I've used are always being attacked, and several times hacked. It just takes way too much energy to keep up with all of the possibilities for exploits on those things. The RedHat Desktop would regularly crash or freeze. The Suse 9 Desktop I am still using at work. No problems to speak of. The Ubuntu Enterprise server we're using was compromised on a non-priviledged account once, but there isn't anything installed that the user could use, so no worries. It only runs Bind9 & HTTP, so it can't be used for mail, and I only had to address configuring those two services for security purpoase. That inevitably saves alot of worry. I've also added the attached snippet to the end of my /etc/profiles on those machines, only allowing logins from a single internal machine to my Linux boxen (the .24 machine runs IRIX ;-) . I then run a cron every minute that looks for the 'login' file, and if found emails the hmail.txt file (by piping it into sendmail -t). It's not foolproof (you could just type Ctrl-C if you're smart enough), but it definitely helps some. I hope that helps, Grant M. -- ------------ Grant M. NeonEdge...Web Pages by Design http://www.neonedge.com/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: prof_snip.sh URL: <http://lists.blu.org/pipermail/discuss/attachments/20061125/496239eb/attachment.ksh>
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
